On Friday, June 26, 2015 at 10:04:19 AM UTC-5, Gervase Markham wrote:
> On 22/06/15 22:46, B Galliart wrote:
> > However, let's say, just for the sake of argument, that Pocket decides
> > it wants a web site popularity/rank feature. Something similar to
> > Google PageRank or Alexa add-ons. As part of this (again for the
> > sake of argument), the Pocket integration links into the http/https
> > submissions such a log of websites visited is periodically compressed
> > and transmitted to Pocket.
>
> OK, now you have a seriously large tinfoil hat on. What makes you think
> that, even if the Pocket engineers decided to write the code for such a
> feature, Mozilla would consider integrating it for even a second?

Again, that was an example of how the *language of the ToS* is alarming and not a statement about Mozilla code review. If that type of language was just thrown in as boilerplate and not part of how Pocket will operate in the future, then what is the harm in removing it?

It should also be noted that Firefox is now promoting a brand and ecosystem that is not fully under its full control. Not all changes to that ecosystem go through the Firefox code review process. I don't have proof that Pocket will do anything malicious and would like to believe they are a good addition to Firefox. However, it seems dangerous to start a trend of introducing brands into Firefox that greatly lack transparency and have this type of ToS language. If we are to expect further integrations of this nature, then it may reach a critical mass where one of the companies involved does something to erode the concept of the web we want. Using code review as the first line of defense means only the actions that directly impact Firefox get caught instead of the full environment.

Just the fact they would write anything that claims it is in their rights to submit such code to me deserves clarification. I just want to understand the reasoning for this language in their ToS and what they intend to do with it. However, I will admit that based on how the Mozilla Foundation is run today, such code would not last a full 1000 milliseconds of consideration and also never reach a nightly release.

I understand why anyone would get upset about discussing how the install-time activation of the ToS would have any practical harm. But, I still have yet to hear from anyone on how this integration adheres to the Open Source Definition #6 criteria in a practical way. How can there be a *legal* commercial use of this integration *today*? If core functionality integrated from Firefox is deviating from practical application of OSD, then should the Know Your Rights document be updated accordingly?

> > I'm not claiming I have proof Pocket intends to do this. What I am
> > claiming is the current Terms of Service give themselves the
> > permission to add this type of behavior even if the user never clicks
> > on the Pocket icon and disables the icon from the bar.
>
> Pocket engineers do not have unrestricted and unbackoutable checkin
> rights to the Firefox source code tree.

I was not trying to claim they did. I believed that I was asked for an example of what actions the *ToS* permits and why I find that language alarming. At least that is the question I attempted to answer. If I offended anyone by implying that Pocket somehow now has unrestricted access to what will appear in the next nightly, I am sorry. That wasn't what I was trying to say at all.

If you want to claim the tinfoil hat has come out in relation to my request for clarification, then I am fine with that. It seems lately that nitpicking any criticism has become more important than getting them resolved. But the funny thing about privacy is it is much easier to lose than it is to keep and once it is out, there is really no getting it back.

I will admit that it is at least easy to clear up the "who" of Pocket as there are interviews and articles available about Nate Weiner. Overall the intent of Pocket appears to be neither evil nor malicious. But there are still how/why items that they seem to be refusing to answer:

- What is on the roadmap for this integration?
- Why is this aggressive language needed in the ToS?
- Why is a private/undocumented API needed and used?
- Why is the only server currently compatible with the Firefox integration of Pocket available only for non-commercial use?
- Do they plan to take any legal action against compatible servers which clone the protocol?

If tomorrow (or any other day in the near future) Pocket started clarifying the issues and it turned out all of these secrets were just oversight in them being transparent/open then I will be a lot happier.
But I don't think we are even to the point of an ETA on reaching that. So far Pocket has not been very open.

_______________________________________________
governance mailing list
[email protected]
https://lists.mozilla.org/listinfo/governance
